OPC UA PUBSUB SKS

[Muddasir shakil]

Hi,

I tested the functionalities of "feature(sks): SKS and pubsub integration #3255" PR, it looks promising. It is somewhat behind to the master, so it needs to be updated. I wanted to ask that if someone is already working on integrating this PR into master. Since it is quite a big PR to be merged it makes sense to break it down into smaller chunks like I have seen with #4256, which adds Encryption and Decryption functionalities. I think next step can be SKS methods, Publisher/Subscribe API and config parameters to connect with SKS, Support for Key Push and Pull, adding documentation on API and tutorial, and so on. I can start working on it, but first I wanted to know what are the current plans regarding SKS integration.

I will be happy to help to bring SKS into Open62541 upstream :).

With BR

Muddasir Shakil

[Zbyněk Zahradník]

Hello.

I am glad to hear that open62541 will get the SKS and pubsub security. Will you be interested in testing the interoperability with something that is *not* based on open62541? Because, testing with itself usually works.... but it does not prove that the specification was understood correctly. I have my own subscriber and publisher products which can do key pull from SKS, and signed/encrypted messages (UADP). I work inside OPC Foundation on PubSub prototyping, and we have already tested some implementations together (and found issues, and clarified the spec...). 

Best regards

Zbynek Zahradnik

[Muddasir shakil]

Hi,

Thank you, this is a really good idea. I also think we should do these kinds of tests. Could you be so kind to share your repo, so that I get more informed about it and proceed towards interoperability testing.

With BR

Muddasir Shakil

[Zbyněk Zahradník]

Hello,

there is no public (source code) repo, this is closed source commercial library. But the tools that will likely be used for test are public/free, and of course I can provide you with anything needed as well. The OpcCmd utility (can act as Subscriber) and the UADemoPublisher are for download here: https://kb.opclabs.com/Tool_Downloads . And some more infos are e.g. here:

- https://kb.opclabs.com/Using_OpcCmd_Utility_as_OPC_UA_PubSub_Subscriber

- https://kb.opclabs.com/UADemoPublisher_Basics

- https://kb.opclabs.com/How_to_publish_or_subscribe_to_secure_OPC_UA_PubSub_messages

So anybody in fact can start with this, but in case of any issues I was thinking of rather close cooperation, since then it usually needs two developers delving deep into the bytes on the wire and the like. I am ready for that, just need to schedule some time - depends on you. From your side, it would be great if, when you get to the point you believe you have a working software, can provide me with something similar as I did - i.e. some test programs that can actually be run, so that we can prove the interoperability. If this is not ready yet, it is fine to wait - can be weeks or months, whatever, I just feel that is something that should be done eventually.

BR